CVE-2020-24658 — Allocation of Resources Without Limits or Throttling in ARM Compiler

CWE-770 — Allocation of Resources Without Limits or Throttling CWE-787 — Out-of-bounds Write2 documents2 sources

Severity

7.8HIGHNVD

EPSS

0.2%

top 54.23%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

ARM Compiler

Timeline

PublishedDec 24

Latest updateMay 24

Description

Arm Compiler 5 through 5.06u6 has an error in a stack protection feature designed to help spot stack-based buffer overflows in local arrays. When this feature is enabled, a protected function writes a guard value to the stack prior to (above) any vulnerable arrays in the stack. The guard value is checked for corruption on function return; corruption leads to an error-handler call. In certain circumstances, the reference value that is compared against the guard value is itself also written to the…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages1 packages

▶NVDarm/arm_compiler5.01 — 5.06+1

🔴Vulnerability Details

GHSA

GHSA-w56g-cw97-958x: Arm Compiler 5 through 5↗2022-05-24

▶